af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
Size

73KB
MD5

2520ba8deefc5ef4e594508672b52b8c
SHA1

77381c37b2335f0a0bb55dd97c2954c2def348d4
SHA256

af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612
SHA512

a15f7731b0b18d922e2715207e5f452e6f07772c99e706a8ae56b633989757e699cdf76cccb2a57668c33613ee63ab42185f4dc3578b2896e183bba23cdf1849
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReD:W7ZDpApYbWj2WTWJe+e/qe

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.EXCEL.16.1033.hxn.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hi.pak.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LHANDW.TTF.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe

C:\Users\Admin\AppData\Local\Temp\af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe
"C:\Users\Admin\AppData\Local\Temp\af237eb84ce4686486f1b7aea29c02f09ad3db5ce92d72e36fb667b96bb9f612.exe"
1⤵
- Drops file in Program Files directory
PID:3300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
73KB

MD5
2cefaacc8f3d40a63ff78efbaad29545

SHA1
6871eb188cb4d7602d06742d8d22262dd04524c8

SHA256
2b0ed02e99b30a1bdbe9e0e7ff649c8e289e918d9c66e7148a4154e1db7956b7

SHA512
e80605fb80b8d4d52ff4f272635c5c9cdbc7d945b59b399d8a2270348c6af701ddc5aebb6e4588ea4232415625e6f6e5bbd14657b7c656a584604b4b9d306b27

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
172KB

MD5
f704f1611309b01295499f9e4534e641

SHA1
fcffd6ca543eeeaeff71f5bdec20540132583f35

SHA256
5747b7a9eca07257fc3bb7d4ac41d65f03d70016ee965293e1cb39726956ac7c

SHA512
1b593175ac68d5a0f17f50cb0b51f3284d4106f4ae5eb555f15072b74719514d3d981f346e9f1d1f028268370c810660ecf61e69ebb25c678c7759d96c13cc83

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads